GMS-2024-1: Teleport Access List owners can escalate their privileges

January 3, 2024

Impact

Access Lists are a new feature introduced in Teleport 14 and currently under preview. An issue was discovered that allows an Access List Owner to assign arbitrary permissions, including permissions to themselves which could result in privilege escalation.

Patches

Fixed in version 14.2.4 and 13.4.13

References

github.com/advisories/GHSA-76cc-p55w-63g3
github.com/gravitational/teleport/security/advisories/GHSA-76cc-p55w-63g3

Detect and mitigate GMS-2024-1 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →